Re: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?

On Thu, 2017-06-29 at 20:38 -0400, William Oliver wrote:

> Personally, I assume that my computers are always on the verge of being
> compromised.  It's one of the things I like about Fedora -- I always do
> a clean install when a new version comes out, and I occasionally do a
> clean reinstall midway through.  That basically means I wipe my machine
> every three months.  It won't stop people from breaking in, but it
> hampers long term surveillance.

That is more work than needed.  Use the power of RPM.  Boot a live CD
and validate every package on the installed copy.  That one step gets
you a high degree of confidence nothing funny is going on.

Mount up your install, say on /mnt.  Do all the bind mounts
of /dev, /proc and /sys, etc. (or let rescue mode do it for you) like you
were about to chroot into it, BUT DON'T.  If you chroot into it you
execute code from the suspect drive and possibly taint the Live CD
environment.  If you accidentally chroot, reboot and start over.

Now do "rpm -Va --root /mnt >/tmp/exception_report.txt".  Then look at
anything it throws out.  Config files are probably ok, especially if you
know you changed them, but changed binaries are a big red flag.  If you
are still feeling paranoid, "rpm -qa --list --root /mnt" will produce a
list of every single file that belongs to the package manager.  Sort
that and subtract from a list of every file (exclude your home dir of
course) and investigate those.

Unless you change very little from the base install, validating is
probably faster than a full reinstall and reconfig.  As long as you
generate all the lists of files from the live CD, you can stuff them into
your $HOME and then do the rest of the work while booted back into your
normal install.  Unless you suspect somebody serious might be after you,
it is probably safe enough to skip the live CD and just run "rpm -Va"
and look for oddities.

Attachment: signature.asc
Description: This is a digitally signed message part
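
The review of the two lists described in the message above, as an added example that is not part of the original post. The function names, the `owned.txt` / `all.txt` file names, the `find` invocation and the sample lines are assumptions constructed for illustration; only the `rpm` commands and `/tmp/exception_report.txt` come from the message.

```shell
#!/bin/bash
# Inputs are generated from the live CD, without chrooting into /mnt:
#   rpm -Va --root /mnt > /tmp/exception_report.txt
#   rpm -qa --list --root /mnt > owned.txt
#   find /mnt -xdev -path /mnt/home -prune -o -print | sed 's|^/mnt||' > all.txt

# Print non-config files from an "rpm -Va" report whose digest changed
# ("5" in column 3 of the flag string) or which are missing.
changed_non_config() {
    awk '
        { attr = ($2 ~ /^[cdglr]$/) ? $2 : "" }  # c=config d=doc g=ghost l=license r=readme
        attr == "c"         { next }             # edited config files are expected
        index($0, "/") == 0 { next }             # line carries no path
        $1 == "missing" || substr($1, 3, 1) == "5" { print substr($0, index($0, "/")) }
    ' "$1"
}

# Print files present on disk that no installed package owns.
unowned_files() {   # $1 = rpm -qa --list output, $2 = find output with /mnt stripped
    local owned all
    owned=$(mktemp); all=$(mktemp)
    grep '^/' "$1" | LC_ALL=C sort -u > "$owned"   # drops "(contains no files)" lines
    grep '^/' "$2" | LC_ALL=C sort -u > "$all"
    LC_ALL=C comm -23 "$all" "$owned"              # lines only in the on-disk list
    rm -f "$owned" "$all"
}

# Constructed sample data, not taken from a real system.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'S.5....T.  c /etc/ssh/sshd_config' \
                  '..5....T.    /usr/bin/passwd' \
                  '.......T.  d /usr/share/doc/bash/README' \
                  'missing     /usr/lib64/libfoo.so.1' > "$d/report.txt"
    printf '%s\n' '(contains no files)' /etc/ssh/sshd_config /usr/bin/passwd > "$d/owned.txt"
    printf '%s\n' /usr/bin/passwd /etc/ssh/sshd_config /usr/local/bin/helper > "$d/all.txt"
    echo "== changed or missing, not config =="; changed_non_config "$d/report.txt"
    echo "== on disk but unowned ==";            unowned_files "$d/owned.txt" "$d/all.txt"
    rm -rf "$d"
}

demo
```

Both functions only read text files, so once the lists exist they can be run from the normal install.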
